1 | /**************************************************************************** |
2 | ** |
3 | ** Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk> |
4 | ** Copyright (C) 2016 Richard J. Moore <rich@kde.org> |
5 | ** Contact: https://www.qt.io/licensing/ |
6 | ** |
7 | ** This file is part of the QtNetwork module of the Qt Toolkit. |
8 | ** |
9 | ** $QT_BEGIN_LICENSE:LGPL$ |
10 | ** Commercial License Usage |
11 | ** Licensees holding valid commercial Qt licenses may use this file in |
12 | ** accordance with the commercial license agreement provided with the |
13 | ** Software or, alternatively, in accordance with the terms contained in |
14 | ** a written agreement between you and The Qt Company. For licensing terms |
15 | ** and conditions see https://www.qt.io/terms-conditions. For further |
16 | ** information use the contact form at https://www.qt.io/contact-us. |
17 | ** |
18 | ** GNU Lesser General Public License Usage |
19 | ** Alternatively, this file may be used under the terms of the GNU Lesser |
20 | ** General Public License version 3 as published by the Free Software |
21 | ** Foundation and appearing in the file LICENSE.LGPL3 included in the |
22 | ** packaging of this file. Please review the following information to |
23 | ** ensure the GNU Lesser General Public License version 3 requirements |
24 | ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
25 | ** |
26 | ** GNU General Public License Usage |
27 | ** Alternatively, this file may be used under the terms of the GNU |
28 | ** General Public License version 2.0 or (at your option) the GNU General |
29 | ** Public license version 3 or any later version approved by the KDE Free |
30 | ** Qt Foundation. The licenses are as published by the Free Software |
31 | ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
32 | ** included in the packaging of this file. Please review the following |
33 | ** information to ensure the GNU General Public License requirements will |
34 | ** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
35 | ** https://www.gnu.org/licenses/gpl-3.0.html. |
36 | ** |
37 | ** $QT_END_LICENSE$ |
38 | ** |
39 | ****************************************************************************/ |
40 | |
41 | #include "qssldiffiehellmanparameters.h" |
42 | #include "qssldiffiehellmanparameters_p.h" |
43 | #include "qsslsocket_openssl_symbols_p.h" |
44 | #include "qsslsocket.h" |
45 | #include "qsslsocket_p.h" |
46 | |
47 | #include "private/qssl_p.h" |
48 | |
49 | #include <QtCore/qatomic.h> |
50 | #include <QtCore/qbytearray.h> |
51 | #include <QtCore/qiodevice.h> |
52 | #include <QtCore/qscopeguard.h> |
53 | #ifndef QT_NO_DEBUG_STREAM |
54 | #include <QtCore/qdebug.h> |
55 | #endif |
56 | |
57 | #include <openssl/bn.h> |
58 | #include <openssl/dh.h> |
59 | |
60 | QT_BEGIN_NAMESPACE |
61 | |
62 | #ifdef OPENSSL_NO_DEPRECATED_3_0 |
63 | |
64 | static int q_DH_check(DH *dh, int *status) |
65 | { |
66 | // DH_check was first deprecated in OpenSSL 3.0.0, as low-level |
67 | // API; the EVP_PKEY family of functions was advised as an alternative. |
68 | // As of now EVP_PKEY_params_check ends up calling ... DH_check, |
69 | // which is good enough. |
70 | |
71 | Q_ASSERT(dh); |
72 | Q_ASSERT(status); |
73 | |
74 | EVP_PKEY *key = q_EVP_PKEY_new(); |
75 | if (!key) { |
76 | qCWarning(lcSsl, "EVP_PKEY_new failed" ); |
77 | QSslSocketBackendPrivate::logAndClearErrorQueue(); |
78 | return 0; |
79 | } |
80 | const auto keyDeleter = qScopeGuard([key](){ |
81 | q_EVP_PKEY_free(key); |
82 | }); |
83 | if (!q_EVP_PKEY_set1_DH(key, dh)) { |
84 | qCWarning(lcSsl, "EVP_PKEY_set1_DH failed" ); |
85 | QSslSocketBackendPrivate::logAndClearErrorQueue(); |
86 | return 0; |
87 | } |
88 | |
89 | EVP_PKEY_CTX *keyCtx = q_EVP_PKEY_CTX_new(key, nullptr); |
90 | if (!keyCtx) { |
91 | qCWarning(lcSsl, "EVP_PKEY_CTX_new failed" ); |
92 | QSslSocketBackendPrivate::logAndClearErrorQueue(); |
93 | return 0; |
94 | } |
95 | const auto ctxDeleter = qScopeGuard([keyCtx]{ |
96 | q_EVP_PKEY_CTX_free(keyCtx); |
97 | }); |
98 | |
99 | const int result = q_EVP_PKEY_param_check(keyCtx); |
100 | QSslSocketBackendPrivate::logAndClearErrorQueue(); |
101 | // Note: unlike DH_check, we cannot obtain the 'status', |
102 | // if the 'result' is 0 (actually the result is 1 only |
103 | // if this 'status' was 0). We could probably check the |
104 | // errors from the error queue, but it's not needed anyway |
105 | // - see the 'isSafeDH' below, how it returns immediately |
106 | // on 0. |
107 | Q_UNUSED(status) |
108 | |
109 | return result; |
110 | } |
111 | #endif // OPENSSL_NO_DEPRECATED_3_0 |
112 | |
113 | static bool isSafeDH(DH *dh) |
114 | { |
115 | int status = 0; |
116 | int bad = 0; |
117 | |
118 | QSslSocketPrivate::ensureInitialized(); |
119 | |
120 | |
121 | // From https://wiki.openssl.org/index.php/Diffie-Hellman_parameters: |
122 | // |
123 | // The additional call to BN_mod_word(dh->p, 24) |
124 | // (and unmasking of DH_NOT_SUITABLE_GENERATOR) |
125 | // is performed to ensure your program accepts |
126 | // IETF group parameters. OpenSSL checks the prime |
127 | // is congruent to 11 when g = 2; while the IETF's |
128 | // primes are congruent to 23 when g = 2. |
129 | // Without the test, the IETF parameters would |
130 | // fail validation. For details, see Diffie-Hellman |
131 | // Parameter Check (when g = 2, must p mod 24 == 11?). |
132 | // Mark p < 1024 bits as unsafe. |
133 | if (q_DH_bits(dh) < 1024) |
134 | return false; |
135 | |
136 | if (q_DH_check(dh, codes: &status) != 1) |
137 | return false; |
138 | |
139 | const BIGNUM *p = nullptr; |
140 | const BIGNUM *q = nullptr; |
141 | const BIGNUM *g = nullptr; |
142 | q_DH_get0_pqg(dh, p: &p, q: &q, g: &g); |
143 | |
144 | if (q_BN_is_word(a: const_cast<BIGNUM *>(g), DH_GENERATOR_2)) { |
145 | const unsigned long residue = q_BN_mod_word(a: p, w: 24); |
146 | if (residue == 11 || residue == 23) |
147 | status &= ~DH_NOT_SUITABLE_GENERATOR; |
148 | } |
149 | |
150 | bad |= DH_CHECK_P_NOT_PRIME; |
151 | bad |= DH_CHECK_P_NOT_SAFE_PRIME; |
152 | bad |= DH_NOT_SUITABLE_GENERATOR; |
153 | |
154 | return !(status & bad); |
155 | } |
156 | |
157 | void QSslDiffieHellmanParametersPrivate::decodeDer(const QByteArray &der) |
158 | { |
159 | if (der.isEmpty()) { |
160 | error = QSslDiffieHellmanParameters::InvalidInputDataError; |
161 | return; |
162 | } |
163 | |
164 | const unsigned char *data = reinterpret_cast<const unsigned char *>(der.data()); |
165 | int len = der.size(); |
166 | |
167 | QSslSocketPrivate::ensureInitialized(); |
168 | |
169 | DH *dh = q_d2i_DHparams(a: nullptr, pp: &data, length: len); |
170 | if (dh) { |
171 | if (isSafeDH(dh)) |
172 | derData = der; |
173 | else |
174 | error = QSslDiffieHellmanParameters::UnsafeParametersError; |
175 | } else { |
176 | error = QSslDiffieHellmanParameters::InvalidInputDataError; |
177 | } |
178 | |
179 | q_DH_free(dh); |
180 | } |
181 | |
182 | void QSslDiffieHellmanParametersPrivate::decodePem(const QByteArray &pem) |
183 | { |
184 | if (pem.isEmpty()) { |
185 | error = QSslDiffieHellmanParameters::InvalidInputDataError; |
186 | return; |
187 | } |
188 | |
189 | if (!QSslSocket::supportsSsl()) { |
190 | error = QSslDiffieHellmanParameters::InvalidInputDataError; |
191 | return; |
192 | } |
193 | |
194 | QSslSocketPrivate::ensureInitialized(); |
195 | |
196 | BIO *bio = q_BIO_new_mem_buf(a: const_cast<char *>(pem.data()), b: pem.size()); |
197 | if (!bio) { |
198 | error = QSslDiffieHellmanParameters::InvalidInputDataError; |
199 | return; |
200 | } |
201 | |
202 | DH *dh = nullptr; |
203 | q_PEM_read_bio_DHparams(a: bio, b: &dh, c: nullptr, d: nullptr); |
204 | |
205 | if (dh) { |
206 | if (isSafeDH(dh)) { |
207 | char *buf = nullptr; |
208 | int len = q_i2d_DHparams(a: dh, p: reinterpret_cast<unsigned char **>(&buf)); |
209 | if (len > 0) |
210 | derData = QByteArray(buf, len); |
211 | else |
212 | error = QSslDiffieHellmanParameters::InvalidInputDataError; |
213 | } else { |
214 | error = QSslDiffieHellmanParameters::UnsafeParametersError; |
215 | } |
216 | } else { |
217 | error = QSslDiffieHellmanParameters::InvalidInputDataError; |
218 | } |
219 | |
220 | q_DH_free(dh); |
221 | q_BIO_free(a: bio); |
222 | } |
223 | |
224 | QT_END_NAMESPACE |
225 | |